Trojaner-Board - rundll32.exe läuft nach verzögertem Systemstart

Vielen Dank für die schnelle Antwort, hier sind die Logfiles :).

Habe aus Versehen das Tool nicht auf dem Desktop sondern in meinem Download Ordner gespeichert, demnach wurden die .txt dahin gespeichert, sollte aber kein Problem sein oder?

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01

Ran by Tim (administrator) on TIM-PC on 31-12-2013 14:58:59

Running from D:\Firefox Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe

(TeamSpeak Systems GmbH) D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)

HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - D:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-27] (AVAST Software)

MountPoints2: {e78a097e-38a7-11e3-9713-806e6f6e6963} - F:\Run.exe

HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5CCEE03DB7CCCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\5hkellq6.default

FF Homepage: www.google.de

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Adblock Plus - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\5hkellq6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF

FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-27] (AVAST Software)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-27] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-19] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-19] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-27] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-27] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-27] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-27] ()

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)

S3 gdrv; \??\C:\Windows\gdrv.sys [x]

S4 NVHDA; system32\drivers\nvhda64v.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-31 14:58 - 2013-12-31 14:58 - 00000000 ____D C:\FRST

2013-12-27 10:34 - 2013-12-27 10:34 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2013-12-22 18:23 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-12-22 18:23 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2013-12-12 03:00 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-12 03:00 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-12 03:00 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-12 03:00 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-12 03:00 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-12 03:00 - 2013-10-25 07:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-12 03:00 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-12 03:00 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-12 03:00 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-12 03:00 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-12-12 03:00 - 2013-10-25 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-12 03:00 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-11 17:13 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-11 17:13 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-11 17:13 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-11 17:13 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-11 17:13 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-11 17:13 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-11 17:13 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-11 17:13 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-11 17:13 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-11 17:13 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-11 17:13 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-11 17:13 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-11 17:13 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-11 17:13 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-11 17:13 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-11 17:13 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-11 17:13 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-11 17:13 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-11 17:13 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-12-11 03:42 - 2013-12-11 03:42 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Macromedia

2013-12-11 03:42 - 2013-12-11 03:42 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Adobe

2013-12-11 03:39 - 2013-12-31 14:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-11 03:39 - 2013-12-11 03:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 03:39 - 2013-12-11 03:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-11 03:39 - 2013-12-11 03:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-04 12:42 - 2013-12-04 12:42 - 00000000 ____D C:\Users\Tim\AppData\Local\Blizzard

2013-12-04 02:37 - 2013-12-04 02:37 - 00000000 ____D C:\Users\Tim\AppData\Roaming\NVIDIA
 

==================== One Month Modified Files and Folders =======
 

2013-12-31 14:58 - 2013-12-31 14:58 - 00000000 ____D C:\FRST

2013-12-31 14:43 - 2013-10-19 11:21 - 01233763 _____ C:\Windows\WindowsUpdate.log

2013-12-31 14:38 - 2013-12-11 03:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-31 11:20 - 2013-10-19 16:01 - 00000000 ____D C:\Users\Tim\AppData\Roaming\TS3Client

2013-12-31 10:49 - 2011-04-12 08:43 - 00697658 _____ C:\Windows\system32\perfh007.dat

2013-12-31 10:49 - 2011-04-12 08:43 - 00148452 _____ C:\Windows\system32\perfc007.dat

2013-12-31 10:49 - 2009-07-14 06:13 - 01615906 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-31 10:49 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-31 10:49 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-31 10:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-31 10:42 - 2009-07-14 05:51 - 00042909 _____ C:\Windows\setupact.log

2013-12-30 22:27 - 2013-11-10 01:18 - 00000000 ____D C:\Users\Tim\Documents\ManiaPlanet

2013-12-30 22:05 - 2013-11-10 01:18 - 00000000 ____D C:\ProgramData\ManiaPlanet

2013-12-30 15:18 - 2013-10-19 13:01 - 00000000 ____D C:\Users\Tim\AppData\Local\Battle.net

2013-12-27 10:35 - 2010-11-21 04:47 - 00082694 _____ C:\Windows\PFRO.log

2013-12-27 10:34 - 2013-12-27 10:34 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2013-12-27 10:34 - 2013-11-12 22:10 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-27 10:34 - 2013-10-19 13:04 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-27 10:34 - 2013-10-19 13:04 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-27 10:34 - 2013-10-19 13:04 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-27 10:34 - 2013-10-19 13:04 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-27 10:34 - 2013-10-19 13:04 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-27 10:34 - 2013-10-19 13:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-27 10:34 - 2013-10-19 13:04 - 00001049 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-20 21:02 - 2013-10-19 13:00 - 00000000 ____D C:\Program Files (x86)\Battle.net

2013-12-18 20:32 - 2013-10-28 13:01 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2013-12-15 03:00 - 2013-10-19 11:48 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-15 03:00 - 2013-10-19 11:48 - 00000000 ____D C:\Windows\system32\MRT

2013-12-12 13:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-12 13:10 - 2009-07-14 05:45 - 00267384 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-11 03:42 - 2013-12-11 03:42 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Macromedia

2013-12-11 03:42 - 2013-12-11 03:42 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Adobe

2013-12-11 03:39 - 2013-12-11 03:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-11 03:39 - 2013-12-11 03:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-11 03:39 - 2013-12-11 03:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-11 03:39 - 2013-10-19 14:10 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe

2013-12-10 03:13 - 2013-11-02 18:21 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2013-12-10 03:13 - 2013-11-02 18:21 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2013-12-08 16:14 - 2013-11-16 21:50 - 00000000 ____D C:\Users\Tim\AppData\Local\NVIDIA Corporation

2013-12-08 16:14 - 2013-10-19 12:49 - 00000000 ____D C:\Users\Tim\AppData\Local\NVIDIA

2013-12-08 16:13 - 2013-10-19 12:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2013-12-08 16:13 - 2013-10-19 12:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-12-08 16:13 - 2013-10-19 12:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-12-05 09:42 - 2013-12-22 18:23 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-12-05 09:42 - 2013-12-22 18:23 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2013-12-05 09:42 - 2013-10-19 12:47 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2013-12-04 12:42 - 2013-12-04 12:42 - 00000000 ____D C:\Users\Tim\AppData\Local\Blizzard

2013-12-04 02:37 - 2013-12-04 02:37 - 00000000 ____D C:\Users\Tim\AppData\Roaming\NVIDIA
 

Some content of TEMP:

====================

C:\Users\Tim\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Tim\AppData\Local\Temp\_isAEA6.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-12-30 09:51
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01

Ran by Tim at 2013-12-31 14:59:11

Running from D:\Firefox Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)

avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)

Battle.net (x32 Version:  - Blizzard Entertainment)

Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation)

Hearthstone (x32 Version:  - Blizzard Entertainment)

Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)

Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation)

League of Legends (x32 Version: 3.0.1 - Riot Games )

marvell 91xx driver (x32 Version: 1.2.0.1020 - Marvell)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0 - Mozilla)

Mozilla Firefox 26.0 (x86 de) (HKCU Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 24.0.1 - Mozilla)

NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation)

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation)

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation)

NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation)

NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation)

NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation)

NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation)

NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)

Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)

Platform (x32 Version: 1.39 - VIA Technologies, Inc.)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation)

SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation)

Steam (x32 Version: 1.0.0.0 - Valve Corporation)

TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)

The Binding of Isaac (x32 Version:  - Edmund McMillen and Florian Himsl)

TrackMania² Stadium (x32 Version:  - Nadeo)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

VIA Plattform-Geräte-Manager (x32 Version: 1.39 - VIA Technologies, Inc.)

World of Warcraft (x32 Version:  - Blizzard Entertainment)
 

==================== Restore Points  =========================
 

10-12-2013 16:13:53 Windows Update

12-12-2013 02:00:11 Windows Update

15-12-2013 02:00:10 Windows Update

20-12-2013 18:29:14 Windows Update

22-12-2013 17:23:29 DirectX wurde installiert

24-12-2013 10:48:20 Windows Update

27-12-2013 09:33:56 avast! antivirus system restore point

31-12-2013 09:46:11 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3EC99F5E-5215-4085-AB26-185A902D0234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: {46CF1C3D-2DB8-4BE8-A684-F9019AB6D9C3} - System32\Tasks\EVGAPrecision => D:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

Task: {58AE7B24-6C77-444B-8333-A1D4074256B0} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-27] (AVAST Software)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-10-19 11:29 - 2012-08-09 11:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2013-10-19 11:29 - 2012-08-09 11:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2013-09-27 13:15 - 2013-10-24 12:21 - 00302056 _____ () D:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll

2013-09-27 13:15 - 2013-10-24 12:21 - 00320488 _____ () D:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll

2013-09-27 13:15 - 2013-10-24 12:21 - 00565224 _____ () D:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll

2013-09-27 13:15 - 2013-10-24 12:21 - 00700904 _____ () D:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll

2013-12-30 21:35 - 2013-12-30 19:57 - 02153984 _____ () D:\Program Files\AVAST Software\Avast\defs\13123001\algo.dll

2013-12-31 14:12 - 2013-12-31 13:30 - 02152960 _____ () D:\Program Files\AVAST Software\Avast\defs\13123100\algo.dll

2013-10-19 13:04 - 2013-10-19 13:04 - 19336120 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll

2013-10-19 14:24 - 2013-10-19 14:24 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\15a401ada99d9c232904f8c43776d944\PSIClient.ni.dll

2013-10-19 11:29 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-12-10 18:36 - 2013-12-10 18:36 - 03559024 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/31/2013 10:44:39 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/30/2013 09:36:09 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/29/2013 11:06:15 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/28/2013 10:12:16 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/27/2013 10:43:08 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/27/2013 10:37:00 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/27/2013 10:31:01 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/25/2013 06:54:09 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/24/2013 11:46:49 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/23/2013 04:20:43 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (12/12/2013 01:50:57 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (12/12/2013 01:50:57 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 

Error: (12/04/2013 01:21:43 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (12/04/2013 01:21:43 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 

Error: (12/04/2013 00:03:46 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (12/04/2013 00:03:46 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 

Error: (11/01/2013 11:54:37 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (11/01/2013 11:54:37 AM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 

Error: (10/25/2013 06:42:17 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎25.‎10.‎2013 um 19:28:26 unerwartet heruntergefahren.
 

Error: (10/20/2013 04:26:24 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 
 

Microsoft Office Sessions:

=========================

Error: (12/31/2013 10:44:39 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/30/2013 09:36:09 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/29/2013 11:06:15 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/28/2013 10:12:16 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/27/2013 10:43:08 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/27/2013 10:37:00 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/27/2013 10:31:01 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/25/2013 06:54:09 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/24/2013 11:46:49 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/23/2013 04:20:43 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 22%

Total physical RAM: 8152.05 MB

Available physical RAM: 6284.23 MB

Total Pagefile: 16302.28 MB

Available Pagefile: 14354.86 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:111.57 GB) (Free:49.91 GB) NTFS

Drive d: (Programme und Downloads) (Fixed) (Total:837.62 GB) (Free:835.93 GB) NTFS

Drive e: (Spiele) (Fixed) (Total:1025.27 GB) (Free:1016.15 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 1863 GB) (Disk ID: 4198A719)
 

Partition: GPT Partition Type

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type

==================== End Of Log ============================